How Ethereum's PoS would be taken over by exchanges
227 sats \ 8 comments \ @ugmug 21 Feb 2022 bitcoin
This is somewhat of a sequel to my previous post on PoW vs PoS, where I'll go into detail on one specific type of attack that I predict will inevitably happen on Ethereum due to the nature of PoS. I'll show how in PoS, centralized exchanges operate similar to traditional banks. Then I'll explain why Ethereum's minority UASF (really a VASF) would ultimately fail against a change by a centralized exchange validator cabal.
Centralized exchanges are profit maximizing companies. They will do whatever means necessary to extract profits out of things they control, with little regard for the security of the cryptocurrency network tokens that trade on their platform since failures mean more volatility which mean more fees extracted from users. The switch to PoS is extremely advantageous to them in that they get access to 2 new income streams: staking and MEV. These are new income streams because in order for them to obtain profits in PoW on Bitcoin, they would have to purchase ASICs, house them, pay for electricity, maintain them, etc. These are unavoidable operational costs associated with all PoW chains and act as a proactive security barrier for the network.
A major loss of security in PoS is that full nodes are losing the ability to secure the network. Securing the network will be done entirely by validators, requiring a 32 ETH stake, to flag and slash malicious validators. Full nodes will not accept arbitrary changes to consensus though. However, a majority of users on Ethereum do not run their own nodes and instead rely on services like Infura and Etherscan to interact with the chain. This is because running a full node requires significantly more resources than a Bitcoin node, not just storage, which is rapidly growing, but CPU and RAM usage too. A light client doesn't solve this because you're still relying on someone else's node, and therefore their rules.
Exchanges will absolutely take advantage of the enormous amount of ETH that they custody. Similar to buying treasuries, staking is a form of guaranteed risk free yield. They will be able to know how much ETH they can get away with staking without affecting user withdrawals, similar to fractional reserve banking. They may even offer their own tokens in order to attract more ETH to their platforms, like how a bank provides interest in a savings account.
Some users may say, "to hell with these centralized exchanges, I'll use a DEX." However, as the centralized exchanges acquire more ETH and eventually gain a majority share of the validators, they unlock that second income stream, MEV. They will ensure DEX users get the worst rate possible, with the most amount of slippage possible, while also making a profit on every DEX trader, since they will control transaction ordering. The centralized exchanges could even lower trading fees on their platforms to make users come back, where they can use their ETH.
With a majority of the ETH staked, it's easy to see how these exchanges will be targeted for regulation, and by that I really mean censorship. They'll be obligated to exclude transactions to or from blacklisted addresses, and may even overwrite blocks that include them if they're recent enough to not be penalized for it. This is a separate problem though that I don't need to get into too much detail. Because there is no external cost to maintain a validator, a majority group of validators can never be unseated. Best summarized here.
Eventually, these centralized exchanges will collude and try to push a consensus change in that the users don't agree with. We don't have to focus on what that is, just that it's likely to happen at some point, though I would predict it would be some form of bailout. The exchanges have the means to update the validator client software themselves, they don't particularly need the ETH devs to do it for them. This is where strong arming begins, and is what failed on Bitcoin during the block size war, but since the full nodes lost their ability to secure the network, will allow the exchanges to be successful this time. Exchanges could easily buy Infura and Etherscan, even in some indirect form, and get them to use their fork in the event of a contentious update.
Ethereum does have one maneuver to fight this though, which they call a minority UASF. This is where the "community" can decide to fork the chain and burn an attacker's stake. However, the problem is the ETH being burned would actually be the user's, because it's actually their ETH deposited in the exchanges. Ethereum's security model assumes an attacker would have to purchase ETH in order to pull off a 51% attack, but the reality is that's not even necessary. So since the ETH to be burned on the minority fork are the user's, no one will migrate to it, certainly not the exchanges.
So there we have it, the only recourse for an attack on PoS fails and the exchanges control the chain. Any consensus rule is up for them to modify because they can update their clients and some key nodes that users rely on. All of this sounds very much like the current fiat system, because it is. This is exactly what Bitcoiners mean when they say PoS is fiat, it's old technology, it's what we've been on this whole time.
write
preview
related posts
2 sats \ 1 reply \ @ideasourcing 21 Feb 2022
I don't know what's what, but I know that only Bitcoin can be trusted. Cool article. Wish I could really really understand it and reply with something smart. But up-sats to you!
reply
1 sat \ 0 replies \ @ugmug OP 21 Feb 2022
Stick with Bitcoin and you're good to go, that's all you need. This post is mainly to try and help shitcoiners, particularly ETH fans, understand that they're walking into a trap with PoS.
reply
1 sat \ 1 reply \ @BlueSlime 22 Feb 2022
However, the problem is the ETH being burned would actually be the user's, because it's actually their ETH deposited in the exchanges.
I have to step in and defend ETH2 a bit here. You are making the assumption that users would not withdraw their funds in advance of a UASF, or that trust-less solutions like rocket pool would not be utilized.
Bitcoin network has dealt with numerous issues regarding centralized mining pools (and still does), and users have rallied when called upon. There's no reason to believe that the Ethereum community would not keep a close eye on their own consensus issues.
Even if staked Ethereum were to consolidate into a cartel of key players (which it will, no argument there), it would be similar to 51% control from a PoW cartel. There's a few attacks they can pull, but they can't forge signatures or rewrite history, or change consensus rules without triggering a hard fork. Plus validators must publicize on the beacon chain, where their consolidation will likely be tracked as time goes on (versus hash power hiding in complete secrecy).
Both Infura and Etherscan are a weekend project to replace. Yes they are far, far over-leveraged and a huge centralization risk, but any betrayal of the network and both services would evaporate them overnight. Block explorers are dime a dozen.
Ethereum does have an issue of nodes being too cumbersome to operate. That should be a larger concern for Etherbros.
reply
0 sats \ 0 replies \ @ugmug OP 22 Feb 2022
I have to step in and defend ETH2 a bit here.
Awesome! This is exactly what I was hoping for when I wrote it. Let's break everything down:
You are making the assumption that users would not withdraw their funds in advance of a UASF, or that trust-less solutions like rocket pool would not be utilized.
Yes, users would absolutely attempt to withdraw their ETH, however, keep in mind in my scenario (and I do admit I'm making some broad assumptions) the exchanges themselves are the attackers. They can impose long withdrawal times on ETH, citing any number of reasons (technical difficulties, third party custodian, etc.) in order to keep funds on the exchange. I could even go tinfoil hat and say this is where nation states will step in and begin to ban withdrawals to noncustodial wallets. Remember, exchanges are slaves to the governments they operate within.
As for decentralized solutions like a DAO, I think a majority of ETH users will still place their funds on centralized exchanges. We only need to visit rekt to see how pooling funds in a contract is a gigantic risk of a loss of funds entirely. These DAOs can say that they're trustless and whatever other marketing scheme they want to pull off, but ultimately someone has to be running, monitoring, and maintaining the validators.
Bitcoin network has dealt with numerous issues regarding centralized mining pools (and still does), and users have rallied when called upon. There's no reason to believe that the Ethereum community would not keep a close eye on their own consensus issues.
The main difference here is the validator set is pseudo-anonymous. Unlike mining pools, where you can actually see how much of a share of the hash power any pool has, you can't see how many validators an entity is running. So what will happen is the Ethereum community will have to make a retroactive change in response to an attack, instead of being able to proactively prevent it from happening in the first place. This is in-line with my previous post about PoW vs PoS because it's also proactive vs reactive security.
Even if staked Ethereum were to consolidate into a cartel of key players (which it will, no argument there), it would be similar to 51% control from a PoW cartel. There's a few attacks they can pull, but they can't forge signatures or rewrite history, or change consensus rules without triggering a hard fork. Plus validators must publicize on the beacon chain, where their consolidation will likely be tracked as time goes on (versus hash power hiding in complete secrecy).
Correct that they can't forge signatures or rewrite history, though technically they could rewrite history, there's just an automatic penalty for doing so, which means they won't bother. However, my scenario outlines how they could change consensus rules, even if that does trigger a hard fork, as it won't matter since they have the majority of the user funds. Validators have one field where they can customize their identity, called the graffiti. Here you can see the graffiti field's use for every new block. You'll notice a good number of blocks have this field blank, some are advertisements, some have client info, etc.
Both Infura and Etherscan are a weekend project to replace. Yes they are far, far over-leveraged and a huge centralization risk, but any betrayal of the network and both services would evaporate them overnight. Block explorers are dime a dozen.
I disagree here. We already know there are plenty of alternates to both Infura and Etherscan, yet they remain dominant due to network effects of everyone using them already, like Metamask, for example. Both Infura and Metamask are owned by Consensys, so it is unlikely that Metamask, which a majority of "Defi degens" use, will default to another provider. The real social aspect here is how the centralized exchanges can put the spin on their change to get the community to accept it. All they have to do is split the community and get some followers, then they can enforce their chain by excluding the minority fork.
Ethereum does have an issue of nodes being too cumbersome to operate. That should be a larger concern for Etherbros.
I think we're way past the point of no return here. There are some clients which use less resources, but since they're not as popular or as well funded as Geth, there's no telling how their developers will maintain the software.
I think that about covers everything you brought up. Thanks for starting some discussion on this!
reply
1 sat \ 3 replies \ @tomlaies 22 Feb 2022 freebie
I understand the scenario you are describing. Basically it assumes that exchanges will take the whole market hostage.
This is very similar to the theoretical idea that in bitcoin the big mining pools will take the mining hostage and only build on top of each others blocks and censor small miners.
In your scenario the big pos stakers would take the staking hostage and not validate what small validators (=non exchanges) do.
I have no solution to this game theory thought. But in the bitcoin scenario everyone of the big mines would have an incentive to ally with small miners to have an advantage over other big miners. Idk if that help and an equivalent could be found for your eeth game.